Smarter Workplace Passwords
Updated Feb. 27, 2020
If this is the case, start by reevaluating your passwords.
63% of confirmed data breaches leverage a weak, default, or stolen password. According to SplashData, the most commonly used passwords in 2019 were “123456,” “12345678,” and “qwerty.” Using the word “password” as a password did move from the top of the list to the fourth most commonly used, which shows slight progress. It may seem like common sense not to use those passwords, but clearly that isn’t the case, because their usage is still so high.
If you think your password is safe because it isn’t that obvious, it may not be much better. If you use the same password over and over for multiple accounts, your password is at the same risk. If a hacker figures out your password for one account, they’ve got the keys to the kingdom. Remember, hackers do this for a living. While you are working 9:00 to 5:00 at your office job, they are working double that to scrape up data that will allow them to breach your system.
Require Multiple Passwords for Different Areas
Employees may complain that using the same password across all company networks saves them time, but it also means a cybercriminal only has to crack one system to access your entire network. Having different logins for different servers or security areas could limit access, even from your own staff.
Don’t Use Personal Details in Passwords
Some prefer easy passwords based on a family pet, a maiden name, a neighborhood or a birthday. But these are easier to guess. Nothing is truly private anymore, and it is easy for hackers to scrape personal data from social networking sites.
Create Time Limits
Managers can encourage employees to log out every time they get up or put down their phones. But a policy like this will rarely be 100% effective unless their desktop and mobile devices are programmed to lock automatically after a short amount of time. They won’t just go to sleep, which is a common energy-saving feature, but will also require a login to reactivate. This could cause some gripes, but better security can be worth a few extra seconds. A directive can also be issued to make sure passwords are not left in obvious places, like on a sticky note on a monitor.
Some sites remember your passwords and other credentials by putting a ‘cookie’ into your system. This makes pages load faster and doesn’t require a login on every visit. However, this can create security concerns, especially if someone gains unauthorized access to a computer or a device’s history.
Try a Password Manager
This type of software can help people customize their passwords, with random letters, numbers and characters. It also can create longer strings that are more difficult to guess (12 letters instead of the common 5 or 6). These can also have a shorter lifespan than a personal password that may never expire. A generated password may only last a day or a week until a new one is created and issued. This policy can also deter hacking efforts – if someone tries an older password, it may not work, or could even set off alerts for improper access.
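The rules from the sections above (no commonly used passwords, no reuse across areas, no personal details, 12 characters rather than 5 or 6) can be checked mechanically, and the kind of generator a password manager relies on is short. This is an added example, not part of the original article; the function names, area names, sample passwords and personal details are constructed for illustration.

```python
import secrets
import string

# The commonly used passwords the article cites from SplashData's 2019 list.
COMMON = {"123456", "12345678", "qwerty", "password"}
MIN_LENGTH = 12  # the article's "12 letters instead of the common 5 or 6"
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=MIN_LENGTH):
    """Random password from the OS CSPRNG with a letter, digit and symbol."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def audit(passwords, personal_details):
    """Return {area: [findings]} for a mapping of area -> password."""
    seen = {}
    for area, pw in passwords.items():
        seen.setdefault(pw, []).append(area)
    report = {}
    for area, pw in passwords.items():
        findings = []
        lowered = pw.lower()
        if lowered in COMMON:
            findings.append("commonly used password")
        if len(pw) < MIN_LENGTH:
            findings.append(f"shorter than {MIN_LENGTH} characters")
        for detail in personal_details:
            if len(detail) >= 3 and detail.lower() in lowered:
                findings.append(f"contains personal detail {detail!r}")
        others = [a for a in seen[pw] if a != area]
        if others:
            findings.append("reused for " + ", ".join(sorted(others)))
        report[area] = findings
    return report


# Constructed sample data: areas, passwords and details are made up.
SAMPLE = {"email": "Rex2011!", "file-server": "Rex2011!",
          "vpn": "qwerty", "payroll": generate_password()}
DETAILS = ["Rex", "Maple Street", "1984"]

if __name__ == "__main__":
    for area, findings in audit(SAMPLE, DETAILS).items():
        print(area, "->", findings or "ok")
```

A check like this belongs at the moment a password is chosen or changed, since that is the only point where the plaintext should be available.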
Set Up Two-Factor Authentication (2FA)
Most platforms today have the option to set up 2FA on your account, which adds an extra layer of security beyond your password. Once your password is entered, the next step to log in is to enter a code that is sent to your phone or a one-time code generated by an app. That way, you can be proactive in a situation where you get a 2FA ping to your phone but weren’t trying to log in.
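How an app-generated one-time code works, as an added example that is not part of the original article: the app and the server share a secret and each derives the code from the current 30-second time step (TOTP, RFC 6238). The `Verifier` class, its one-step drift window and the demo secret are assumptions made for illustration.

```python
import hashlib
import hmac
import struct
import time


def totp(secret, at, digits=6, step=30):
    """RFC 6238 TOTP: HOTP (RFC 4226) over the number of elapsed time steps."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server side: accept each code once, within +/- `window` time steps."""

    def __init__(self, secret, window=1, digits=6, step=30):
        self.secret, self.window = secret, window
        self.digits, self.step = digits, step
        self.last_used_step = -1   # highest time step already accepted

    def check(self, code, now=None):
        now = time.time() if now is None else now
        current = int(now) // self.step
        for s in range(current - self.window, current + self.window + 1):
            if s <= self.last_used_step:
                continue           # a code for this step was already spent
            expected = totp(self.secret, s * self.step, self.digits, self.step)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_used_step = s
                return True
        return False


# Constructed demo secret: the ASCII test key from RFC 6238 Appendix B.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    v = Verifier(SECRET)
    code = totp(SECRET, at=59)
    # First use is accepted, a replay of the same code is rejected.
    print(code, v.check(code, now=59), v.check(code, now=59))
```

Because the server remembers the last accepted time step, a code that someone observes and replays within the same 30 seconds is refused.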
Domain is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at (888) 330-8088 or send us an email at firstname.lastname@example.org for more information.